problem #1:
passwords are hard to secure

A secure recovery

passwords are hard to secure

they are a liability 



ALTER TABLE user 
DROP COLUMN password; 



problem #2: 
passwords are hard to remember 



users have two strategies 



1. pick an easy password

[screenshots: browser settings offering to save passwords entered on the web, remember passwords for sites, and use a master password]



2. reuse your password 



negative externality: 

sites that don't care about security 
impose a cost on more important sites 



passwords are hard to remember 

they need to be reset 




[screenshot: WordPress.com "Lost password" page: enter your username or email address, wait for your recovery details to be sent, follow the instructions]
existing login solutions



client certificates 



[screenshot: browser certificate manager, "Your Certificates" tab]
existing login systems
are not good enough

how does it work?

getting a proof of email ownership

signed public key



you have a signed statement from your 
provider that you own your email address 



logging into a 3rd party site 
demo #1:

http://crossword.thetimes.co.uk/
fmariertest@eyedee.me



Persona is already a 
decentralised system 
• choice

• security 

• innovation 



SendMyPIN.org

SMS With PIN Codes
A Mozilla Persona Identity Provider

sendmypin.org is an experimental Mozilla Persona Identity Provid
sign in to sites using their SMS enabled phone.

To give sendmypin.org a try, visit your favorite Persona enabled s
and sign in using <your_phone_number_with_country_code>@
email address.

A Friday Hack by Shane Tomlinson. Source code on GitHub.



SMS with PIN codes
Jabber/XMPP

[screenshot: corporate sign-in page: "Please use your LDAP password"]

LDAP accounts

[screenshot: browser certificate manager, "Your Certificates" tab]

SMS with PIN codes
Jabber/XMPP
Yubikeys
LDAP accounts
Client certificates



{
    "public-key": {
        "algorithm": "RS",
        "n": "685484565272...",
        "e": "65537"
    },
    "encrypted-private-key": {
        "iv": "tmg7gztUQT...",
        "salt": "JMtGwlF5UWY",
        "ct": "8Dd0jD1IA1..."
    },
    "authentication": "...",
    "provisioning": "..."
}

Password-wrapped secret key



decentralisation enables 
innovation 



decentralisation is the answer, but it's not 

a product adoption strategy 



we can't wait for all domains 

to adopt Persona 




solution: a temporary
centralised fallback 




demo #2: 

http://sloblog.io/ 
fmariertest@gmail.com



Persona already works 
with all email domains 



identity bridging 




demo #3: 

http://www.reasonwell.com/ 
fmariertest@yahoo.com

Persona supports

all modern browsers

Persona is decentralised,
simple and cross-browser



it's simple for users, but is it also 

simple for developers? 
your tasks - simplified

Sign in with Persona



So what is all this then? 

123done.org is a very simple to-do list application. 
Simply enter your to-do list item above and add it to 
your tasks. Click the tasks to mark them as done. 
Clicking an already finished task will remove it from the 
list. 

Your task list is stored on the computer for you to use. 
If you want to sync 123done across devices, log in with 
Mozilla Persona. 



123done is a project to show the power of Persona, Written by the at Mozilla, 



<script src="https://login.persona.org/include.js">
</script>

</body></html>



navigator.id.watch({
    // ...
});



navigator.id.watch({
    loggedInUser: "francois@mozilla.com",
    // ...
});



navigator.id.watch({
    loggedInUser: null,
    // ...
});



navigator.id.watch({
    loggedInUser: null,
    onlogin: function (assertion) {
        // ...
    },
    // ...
});



navigator.id.watch({
    loggedInUser: null,
    onlogin: function (assertion) {
        // ...
    },
    onlogout: function () {
        window.location = '/logout';
    }
});
[screenshot: Persona sign-in dialog listing fmarier@mozilla.com and francois@mozilla.com, with "Add another email" and "This is not me" links, the line "Mozilla Persona is the fast and secure way to sign in.", and a notice that clicking sign in accepts the site's Terms of Use and Privacy Policy]



navigator.id.watch({
    loggedInUser: null,
    onlogin: function (assertion) {
        $.post('/login',
            {assertion: assertion},
            function (data) {
                window.location = '/home';
            }
        );
    },
    onlogout: function () {
        window.location = '/logout';
    }
});



$ curl -d "assertion=<ASSERTION>&audience=http://123done.org" \
    https://verifier.login.persona.org/verify



{
    status: "okay",
    audience: "http://123done.org",
    expires: 1344849682560,
    email: "francois@mozilla.com",
    issuer: "login.persona.org"
}
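
An added example, not part of the original slides, of what the server should check in the verifier's response before it creates a session: the audience is pinned to the site's own configured origin and the expiry is compared with the server clock. SITE_AUDIENCE, buildVerifyBody and acceptVerification are hypothetical names, and the sample responses are constructed.

```javascript
// Added example, not from the slides. SITE_AUDIENCE, buildVerifyBody and
// acceptVerification are hypothetical names; sample data is constructed.
const SITE_AUDIENCE = "http://123done.org"; // from site config, never from the request's Host header

// Form body for the POST to the verifier (same fields as the curl call above).
function buildVerifyBody(assertion) {
  return new URLSearchParams({ assertion: assertion, audience: SITE_AUDIENCE }).toString();
}

// Decide whether a parsed verifier response may become a session.
function acceptVerification(response, nowMs) {
  if (response === null || typeof response !== "object") {
    return { ok: false, reason: "malformed response" };
  }
  if (response.status !== "okay") {
    return { ok: false, reason: "verifier rejected assertion" };
  }
  // An assertion is issued for one site only.
  if (response.audience !== SITE_AUDIENCE) {
    return { ok: false, reason: "audience mismatch" };
  }
  // `expires` is in milliseconds since the epoch, as in the response above.
  if (typeof response.expires !== "number" || response.expires <= nowMs) {
    return { ok: false, reason: "assertion expired" };
  }
  if (typeof response.email !== "string" || !response.email.includes("@")) {
    return { ok: false, reason: "missing email" };
  }
  return { ok: true, email: response.email, issuer: response.issuer };
}

// Constructed samples modelled on the response shown above.
const good = {
  status: "okay",
  audience: "http://123done.org",
  expires: 1344849682560,
  email: "francois@mozilla.com",
  issuer: "login.persona.org",
};
const wrongSite = Object.assign({}, good, { audience: "http://example.org" });
const failed = { status: "failure", reason: "constructed failure" };
const now = 1344849600000; // constructed server clock, before `expires`

console.log(buildVerifyBody("ASSERTION"));
console.log(acceptVerification(good, now));
console.log(acceptVerification(wrongSite, now));
console.log(acceptVerification(good, good.expires + 1));
console.log(acceptVerification(failed, now));
```
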
your tasks - simplified

Hi, francois@mozilla.com
LOGOUT

• prepare slides
• deliver presentation
• profit from merch sales



navigator.id.logout()






1. load javascript library

2. setup login & logout callbacks 

3. add login and logout buttons 

4. verify proof of ownership 



you can add support for 
Persona in four easy steps 



one simple request 
building a new site:

default to Persona 



Sign in with your Email 



working on an existing site: 

add support for Persona 



Sign in with your Email 




we need 
your help 
to eliminate

site-specific 

passwords 



To learn more about Persona: 

https://login.persona.org/ 
http://identity.mozilla.com/ 

https://developer.mozilla.org/docs/Persona/Why_Persona 
https://developer.mozilla.org/docs/Persona/Quick_Setup 

https://github.com/mozilla/browserid-cookbook 
https://developer.mozilla.org/docs/Persona/Libraries_and_plugins 

http://123done.org/ 
https://wiki.mozilla.org/Identity#Get_Involved



{
    "public-key": {
        "algorithm": "RS",
        "n": "8606...",
        "e": "65537"
    },
    "authentication": "/browserid/sign_in.html",
    "provisioning": "/browserid/provision.html"
}



identity provider API

1. check for your /.well-known/browserid
2. try the provisioning endpoint
3. show the authentication page
4. call the provisioning endpoint again